[dm-crypt] cryptsetup --iter-time default should be configurable (and reported in --help)

Milan Broz gmazyland at gmail.com
Tue Nov 20 21:32:22 CET 2012


On 11/20/2012 08:02 PM, Daniel Kahn Gillmor wrote:
> I just noticed that the default for cryptsetup --iter-time isn't visible
> in the output of cryptsetup --help.
> 
> I went looking to change this, and saw that the default is neither
> configurable nor easily extracted.
> 
> The attached patch should make the default for this parameter
> configurable (e.g. ./configure --with-luks1-iter-time=1000), as well as
> reporting the compiled-in default in the output of --help.

Hi,

patch applied to git (just with small change s/msec/ms).

But I hope distro maintainers will not decrease this default without
reading section 5.9 in
http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#5.9_Security_Aspects

Thanks,
Milan


More information about the dm-crypt mailing list